Terraform cannot create a role and assign it to an AWS Spot Fleet resource

ika*_*ask 1 amazon-web-services terraform

When launching a Spot Fleet using the Terraform example here, I need to provide the required value.

iam_fleet_role      = "arn:aws:iam::12345678:role/spot-fleet"

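However, I don't want to provide the account number, so I want to create a role and attach the "AmazonEC2SpotFleetTaggingRole" policy. I wrote the following code, but I get an error: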

* aws_spot_fleet_request.cheap_compute: "iam_fleet_role" doesn't look like a valid ARN ("^arn:[\\w-]+:([a-zA-Z0-9\\-])+:([a-z]{2}-(gov-)?[a-z]+-\\d{1})?:(\\d{12})?:(.*)$"): "test_role"

Am I doing something wrong, or should I be doing this another way?

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
  role       = "${aws_iam_role.test_role.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}

# Request a Spot fleet
resource "aws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "${aws_iam_role_policy_attachment.AmazonEC2SpotFleetTaggingRole-policy-attachment.role}"
  spot_price          = "0.77"
  allocation_strategy = "diversified"
  target_capacity     = 2
  valid_until         = "2018-06-11T20:44:20Z"

  launch_specification {
    instance_type     = "t2.micro"
    ami               = "ami-1853ac65"
    spot_price        = "0.777"
    availability_zone = "us-east-1a"

    tags {
    Name = "spot-fleet-example"
    }
  } 
}

Bra*_*ler 5

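You have a couple of problems here:

  • The Spot Fleet role requires the assume role policy to be for spotfleet.amazonaws.com
  • You are referencing the created role incorrectly; you need to reference the arn attribute of the aws_iam_role resource

Example

Create your Spot Fleet role as described above: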

resource "aws_iam_role" "example" {
  name = "example-fleet-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "spotfleet.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

Attach the AWS managed policy to the role:

resource "aws_iam_role_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
  role = "${aws_iam_role.example.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}

By using the arn attribute from aws_iam_role:

resource "aws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "${aws_iam_role.example.arn}"
  spot_price          = "0.77"
  allocation_strategy = "diversified"
  target_capacity     = 2
  valid_until         = "2018-06-11T20:44:20Z"

  launch_specification {
    instance_type     = "t2.micro"
    ami               = "ami-1853ac65"
    spot_price        = "0.777"
    availability_zone = "us-east-1a"

    tags {
    Name = "spot-fleet-example"
    }
  } 
}
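The two problems named in the answer can be caught before `terraform apply` with a small check. This is an added example, not part of the original question or answer: it validates the `iam_fleet_role` value against the ARN pattern quoted in the error message and confirms the role's trust policy lets spotfleet.amazonaws.com assume it. The function names, the `make_trust` sample builder and the account ID 123456789012 are constructed for illustration.

```python
import json
import re

# Pattern copied from the provider error quoted in the question
# (HCL string escaping removed).
ARN_RE = re.compile(
    r"^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12})?:(.*)$"
)
FLEET_PRINCIPAL = "spotfleet.amazonaws.com"
SAMPLE_ARN = "arn:aws:iam::123456789012:role/example-fleet-role"  # constructed account ID


def _as_list(value):
    """IAM accepts a single string or a list for Action and Principal values."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def trusted_services(trust_policy_json):
    """Service principals allowed to call sts:AssumeRole (exact action match only)."""
    services = set()
    statements = json.loads(trust_policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):  # Principal may also be the string "*"
            services.update(_as_list(principal.get("Service")))
    return services


def check_fleet_role(iam_fleet_role, trust_policy_json):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if not ARN_RE.match(iam_fleet_role):
        findings.append("iam_fleet_role is not an ARN: %r" % iam_fleet_role)
    services = trusted_services(trust_policy_json)
    if FLEET_PRINCIPAL not in services:
        findings.append("trust policy does not allow %s (allows: %s)"
                        % (FLEET_PRINCIPAL, sorted(services) or "none"))
    return findings


def make_trust(service):  # constructed sample, same shape as the page's policy
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "", "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Service": service}}]})
```

Calling `check_fleet_role("test_role", make_trust("ec2.amazonaws.com"))` reports both findings for the question's configuration, while the answer's role ARN and trust policy return an empty list.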